Clarify U2F attestation verification #857

Closed
apowers313 opened this issue Mar 29, 2018 · 6 comments · Fixed by #861

Comments

@apowers313
Contributor

Step 4 of the U2F attestation verification procedure could use some clarification:

Convert the COSE_KEY formatted credentialPublicKey (see Section 7 of [RFC8152]) to CTAP1/U2F public Key format [FIDO-CTAP].

Suggest adding "Section XYZ of [FIDO-CTAP]". CTAP is a big spec, and it's not immediately clear that there's actually any section that defines a public key format.

  • Let publicKeyU2F represent the result of the conversion operation and set its first byte to 0x04. Note: This signifies uncompressed ECC key format.
  • Extract the value corresponding to the "-2" key (representing x coordinate) from credentialPublicKey, confirm its size to be of 32 bytes and concatenate it with publicKeyU2F. If size differs or "-2" key is not found, terminate this algorithm and return an appropriate error.
  • Extract the value corresponding to the "-3" key (representing y coordinate) from credentialPublicKey, confirm its size to be of 32 bytes and concatenate it with publicKeyU2F. If size differs or "-3" key is not found, terminate this algorithm and return an appropriate error.

I think a final bullet should be added stating Let publicKeyU2F be the concatenation of (0x04 || x || y).
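
The conversion discussed in this issue, as an added example that is not part of the original post or of the specification text. It assumes credentialPublicKey has already been CBOR-decoded into a Python dict with integer labels; the names `cose_to_u2f_public_key` and `CoseKeyError` are hypothetical, and the kty/crv checks are extras beyond the quoted bullets.

```python
class CoseKeyError(ValueError):
    """Raised when credentialPublicKey cannot be converted (hypothetical name)."""


# COSE_Key labels from RFC 8152: 1 = kty, -1 = crv, -2 = x, -3 = y.
KTY, CRV, X, Y = 1, -1, -2, -3
KTY_EC2, CRV_P256 = 2, 1
COORD_LEN = 32


def _coordinate(cose_key, label):
    # "If size differs or the key is not found, terminate and return an error."
    if label not in cose_key:
        raise CoseKeyError(f"COSE key has no {label} entry")
    value = cose_key[label]
    if not isinstance(value, (bytes, bytearray)):
        raise CoseKeyError(f"{label} is not a byte string")
    if len(value) != COORD_LEN:
        raise CoseKeyError(f"{label} is {len(value)} bytes, expected {COORD_LEN}")
    return bytes(value)


def cose_to_u2f_public_key(cose_key):
    """Return publicKeyU2F = 0x04 || x || y for an already-decoded COSE_Key map."""
    # Extra checks, not in the quoted bullets: U2F keys are EC2 keys on P-256.
    if cose_key.get(KTY) != KTY_EC2 or cose_key.get(CRV) != CRV_P256:
        raise CoseKeyError("not an EC2 key on P-256")
    x = _coordinate(cose_key, X)
    y = _coordinate(cose_key, Y)
    # 0x04 marks the uncompressed ECC point format; the result is 65 bytes.
    return b"\x04" + x + y


# Constructed sample input (not a real credential, not a valid curve point).
SAMPLE = {1: 2, 3: -7, -1: 1, -2: bytes(range(32)), -3: bytes(range(32, 64))}

if __name__ == "__main__":
    print(cose_to_u2f_public_key(SAMPLE).hex())
    short = dict(SAMPLE)
    short[-2] = SAMPLE[-2][1:]  # leading byte dropped: 31 bytes, must be rejected
    try:
        cose_to_u2f_public_key(short)
    except CoseKeyError as exc:
        print("rejected:", exc)
```

A coordinate that arrives as 31 bytes because an encoder dropped a leading zero is rejected rather than padded, matching the "if size differs" rule in the bullets.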

@emlun emlun added this to the PR milestone Apr 4, 2018
@emlun emlun self-assigned this Apr 4, 2018
@emlun
Member

emlun commented Apr 4, 2018

Thanks, it turns out the [FIDO-CTAP] reference was actually wrong and should instead be a reference to [FIDO-U2F-Message-Formats].

@yackermann
Contributor

@emlun maybe "1. Convert the COSE_KEY formatted |credentialPublicKey| (see Section 7 of [[!RFC8152]]) to Raw ANSI X9.62 public key format (see ALG_KEY_ECC_X962_RAW in Section 3.6.2 of [[!FIDO-Registry]])."

@emlun
Member

emlun commented Apr 12, 2018

@herrjemand For the record, could you submit that as a review in PR #861 instead?

@emlun
Member

emlun commented Apr 25, 2018

@herrjemand Bump

@yackermann
Contributor

@emlun Sorry, have not seen your previous message *)

@emlun emlun closed this as completed in #861 May 2, 2018